Effective April, 2015, the WordPress 4.1.2 and 4.2.1 security releases were made available for download.
WordPress 4.1.2 Security Release
The 4.1.2 was a critical security release for all previous versions, according to Gary Pendergast of WordPress.
Pendergast announced,
“WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by Gary Pendergast, Mike Adams, and Andrew Nacin of the WordPress security team.”
The WordPress 4.1.2 security release was designed to fix three main vulnerabilities:
- In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded
- In WordPress 3.9 and higher, cross-site scripted could be used in a social engineering attack
- Additionally, certain plugins were vulnerable to an SQL injection vulnerability
It was also noted that many popular WordPress plugins issued their own security fixes at the same time.
WordPress 4.2.1 Security Release
Short after the update was announced another vulnerability allowing attackers to inject JavaScript into comments, gain full admin access to a WordPress website and run malicious code on the server was found. This led to a second critical upgrade- 4.2.1, launched just 6 days after the previous one.
WordPress 4.2.2 Security Release
Late on May 6, tens of millions of WordPress site administrators around the world were greeted by an all too familiar email from WordPress, announcing its third security release in less than four weeks- WordPress 4.2.2.
The best way to protect your WordPress website against security threats and other vulnerabilities is by keeping everything updated, including your installed plugins.
Before You Update
Although it is recommended that you keep your WordPress up to date, it is best not to attempt it on your own.
If your current website is powered by WordPress, it is best to contact Go Live UK to perform any necessary updates for you.
Doing it on your own has the potential to causes problems for certain elements and functionalities of your website. We recommended you avoid any potential risk or disruption to your online presence by contacting our team.
Let us also stress the importance of updating your WordPress to the latest available version, as your website may be vulnerable to hacks or other malicious attacks without it.
Contact Go Live UK today.